Take 'env' reference before async calling perform_reopen()

The 'env' pointer is passed to an async function without taking
a reference first, which can potentially cause a use-after-free
error. Take a reference, then detach in the async function.

(cherry picked from commit 48d7401f0db66cbe9f6fcdffb549488e28110ad8)

diff --git a/lib/dns/dnstap.c b/lib/dns/dnstap.c
index aaa83d6b4319ec32264115c8d4c003075d09a516..4addc77a9c308381232a379425f427ed6b1e403e 100644 (file)
--- a/lib/dns/dnstap.c
+++ b/lib/dns/dnstap.c
@@ -685,6 +685,8 @@ perform_reopen(void *arg) {
        LOCK(&env->reopen_lock);
        env->reopen_queued = false;
        UNLOCK(&env->reopen_lock);
+
+       dns_dtenv_detach(&env);
 }
 
 /*%
@@ -716,6 +718,7 @@ check_file_size_and_maybe_reopen(dns_dtenv_t *env) {
         * Send an event to roll the output file, then disallow output file
         * rolling until the roll we queue is completed.
         */
+       dns_dtenv_ref(env);
        isc_async_run(env->loop, perform_reopen, env);
        env->reopen_queued = true;